Upload
matt-ffolliott-powell
View
57
Download
0
Embed Size (px)
Citation preview
Installation Guide CensorNet Professional
Copyright © CensorNet Limited, 2005-2010
This document is designed to provide information about the first time installation the CensorNet Professional web content filtering software using the self-install CD. Every effort has been made to make this document as complete and accurate as possible, but no warranty or fitness is implied. CensorNet Ltd does not accept any liability for poorly designed or malfunctioning networks.
2 © 2009 CensorNet Ltd
INTRODUCTION
You may install CensorNet onto a dedicated server using the self install CD ROM. The latest CD image can be
downloaded from the CensorNet web site: http://www.censornet.com. The image is a bootable ISO image file
that should be burnt to a blank CD-R.
REQUIREMENTS
A dedicated server with the following minimum specifications:
o 2 Gigabytes of RAM (4 Gigabytes recommended for large networks)
o 80 Gigabyte hard disk (120 Gigabyte and hardware RAID recommended)
o A 2 GHz Intel or AMD processor (Dual core 2.5GHz processor recommended)
o At least one Ethernet port or 2 ports for In-line mode usage.
Internet access
A Web Browser (IE 5+, FF 2+ or similar)
Spare Ethernet port on your router/switch
TECHNICAL SUPPORT
If you require any assistance at all during the installation, configuration or general use of CensorNet, please use the
following options:-
Telephone +44 (0) 845 230 9592
E-mail [email protected]
Online http://www.censornet.com/support
PREPARATION
WARNING: INSTALLING CENSORNET WITH THE SELF INSTALL CD-ROM WILL COMPLETELY FORMAT THE
HARD DISK IN THE COMPUTER AND ALL DATA WILL BE LOST. IF YOU DO NOT WANT TO LOSE THE DATA
PLEASE USE AN ALTERNATIVE METHOD SUCH AS A VIRTUAL MACHINE OR RACKMOUNT APPLIANCE.
PLEASE VISIT WWW.CENSORNET.COM FOR DETAILS.
Make sure the server on which you choose to run the self install CD ROM has no data on the hard disk drives that you
want to keep. You should preferably use a brand new hard disk or hardware RAID array to ensure maximum reliability.
Make sure the server meets or exceeds the requirements set out on the requirements section above.
3 © 2009 CensorNet Ltd
In order for the self install CD ROM to work, the server’s BIOS settings must be set to boot from the CD ROM drive
before any other bootable media in the server. Refer to the server or motherboard instruction manual if you do not
know how to change the BIOS boot order.
4 © 2009 CensorNet Ltd
NETWORK POSITIONING
CensorNet can operate in two modes; SIDEWAYS PROXY or INLINE MODE. SIDEWAYS mode is the traditional (and
most used) method of installing a proxy server, with it positioned as if it was another machine on your network. All
browsers are configured to use the CensorNet machine as their proxy server.
INLINE mode differs in that the CensorNet server is positioned between your switch and Internet gateway. The
CensorNet server acts as a bridge and transparently intercepts any web traffic (port 80 and 443) and filters it.
PLEASE NOTE THAT THE SERVER REQUIRES TWO NETWORK CARDS TO OPERATE CORRECTLY.
SIDEWAYS PROXY (DEFAULT MODE)
CensorNet as a SIDEWAYS proxy server should be configured with a static IP address on your LAN segment and its
default gateway set to the IP address of your router or firewall. If you intend to enable user authentication then the
CensorNet™ server needs to be able to communicate with your domain controller (Active Directory, NT, Samba, Novell,
LDAP, local).
NOTES / REQUIREMENTS
5 © 2009 CensorNet Ltd
1. It is recommended that you block traffic from your LAN to port 80 and 443 unless it originates from the IP
address of the CensorNet™ server. This will ensure users/computers cannot bypass the proxy server.
2. You will also need to configure the client Web browsers to use a proxy by setting an Active Directory Group
Policy or using a Proxy Auto Discovery file via DHCP.
3. If you do not have a firewall we recommend Vyatta or IPCop, both of which are Open Source.
INLINE PROXY (TRANSPARENT INTERCEPTION)
CensorNet in Inline mode should be placed directly between your switch and your gateway. It is important to note that
CensorNet acts as a bridge and will only intercept HTTP and HTTPS traffic. All other data, regardless of protocol, will be
passed on to the gateway as normal. The following diagrams show a before and after diagram of a simple network. For
further advice about Inline mode please contact Technical Support.
HIGH AVAILABILITY
CensorNet can be configured in a High Availability mode. This involves two identical CensorNet servers which perform
disk replication over a gigabit backbone and use a floating IP to determine which server is active at any given time. If
one of the servers detects a problem with the other, the healthy server will automatically take over and vice versa. The
servers are also clever enough to automatically promote the healthy server if a critical service becomes unstable. The
High Availability options do cost extra and should be discussed with the sales team.
6 © 2009 CensorNet Ltd
7 © 2009 CensorNet Ltd
INSTALLING THE SOFTWARE
Place the self install CD ROM into the server’s CD ROM drive and reset the machine. After the BIOS self test, the
computer should boot from the CD ROM and you should see a screen like this one below:
Press the <ENTER> (or <RETURN>) key to begin the installation, you will be prompted to select the language, locale
and keyboard type, simply follow the on screen prompts, using the <TAB>, arrow and <ENTER> keys to navigate the
dialog boxes:
8 © 2009 CensorNet Ltd
After a few minutes you will be asked to configure the settings that CensorNet will use to integrate into your network.
If the server has more than one Ethernet port, you will be asked to select one to configure, if in doubt choose the top
entry in the list. When prompted enter a static IP address that CensorNet will use on your network:
9 © 2009 CensorNet Ltd
When prompted, enter the subnet mask, gateway address and DNS server addresses so that CensorNet can access the
Internet.
Next, choose a host name for your CensorNet server, or just leave the default “CENSORNET”, then enter your domain
name, or if in doubt leave the domain name blank.
When the network has been configured, you will be asked to choose the hard disk drive (or RAID array) to install the
CensorNet software onto.
BE WARNED, THIS WILL COMPLETELY FORMAT THE ENTIRE DISK DRIVE YOU CHOOSE, SO
MAKE SURE YOU CHOOSE THE DRIVE ACCORDINGLY.
10 © 2009 CensorNet Ltd
You will then be asked to confirm for one last time that it’s OK to format the selected hard disk drive, move the cursor
to <YES> using the <TAB> key and press <ENTER> to confirm:
After a few minutes you will be prompted to enter HTTP proxy information. This is only required if your Internet
service provider forces you to use an upstream proxy server to connect to the internet. Leave the proxy information
box blank if you do not have to use an upstream proxy, or if you are in doubt.
11 © 2009 CensorNet Ltd
If you need to use a proxy server and your ISP’s proxy server has an address of 10.2.3.4 on port 8080 and requires a
username of “user” and password “pass” to access it, you should enter:
HTTP://USER:[email protected]:8080
If your ISP’s proxy server does not require user authentication, then just enter its address, a colon and then its port
number like so:
HTTP://10.2.3.4:8080
After about 15 minutes, CensorNet should be installed onto the server. If you see any red screens this indicates and
error and is probably due to the network settings being incorrect, or some physical problem with the connection from
the CensorNet server and your Internet gateway/router. Please contact CensorNet technical support if you require
assistance.
When the installation is complete you will be prompted to remove the CD ROM from the CD drive, and press <ENTER>
to reboot into the new system:
12 © 2009 CensorNet Ltd
After the system reboots, you should be presented with the “FIRST RUN CONFIGURATION” program where it is
important to set passwords for your CensorNet server.
DID YOU ENCOUNTER A PROBLEM DURING INSTALLATION?
This could be caused by two things:-
1. Incorrect network settings. The installation system requires access to the Internet in order to download files.
Double check the network configuration especially the DNS servers and proxy (if required) to ensure
connectivity during installation.
2. Incompatible hardware. The installation CD may not contain the required kernel for your hardware. The fix is
to download the complete Linux operating system – please contact Technical Support for details.
13 © 2009 CensorNet Ltd
FIRST RUN CONFIGURATION
The first time the CensorNet server is started up, the “FIRST RUN CONFIGURATION” wizard will start.
Press ENTER to start the wizard. The following warning will be displayed – please read it and take note of the
importance of the root password.
Press ENTER to continue.
Enter your password into the fields provided and then select OK to continue. We recommend that you choose a strong
password, which should have at least three of the following five characteristics:-
One or more capital letters
Two or more numbers
One or more punctuation marks
One or more symbols
Fewer than three of the same characters consecutively
14 © 2009 CensorNet Ltd
After selecting “OK” you should receive the following confirmation:
You will then be presented with the standard configuration menu, where you can choose to
change the network settings, upgrade your CensorNet server to the latest version or change
the passwords again.
CENSORNET IS NOW INSTALLED AND READY TO USE. PLEASE READ THE GETTING STARTED
GUIDE FOR FIRST TIME CONFIGURATION INFORMATION.